SecureRedact

View Original

The grey area of biometric data

No. 73: Bringing you the news that matters in video privacy and security

Biometric data privacy is ushering in a new era of legal and ethical challenges, due to the increased collection and use of biometric data (e.g. fingerprints, facial recognition, and genetic information). Is there enough protection around biometric data? How can companies be proactive rather than reactive to biometric data privacy concerns? 

The Illinois Supreme Court determined that healthcare workers do not fall under the protection of the Biometric Information Privacy Act (BIPA) when using biometric data, under specific circumstances - such as fingerprint scans for workplace functions like accessing drug cabinets. This nuanced application of biometric data laws points to potential gaps in legal protection for certain groups, particularly in employment settings.

The data breach at genetic testing company 23andMe paints a different but equally concerning picture. Nearly 7 million people's DNA ancestry information was compromised, highlighting vulnerabilities in the storage and protection of genetic biometric data. 

While BIPA's provisions offer a degree of protection, its limitations can exacerbate vulnerabilities and leave certain groups unprotected. Moving forward, it's imperative to reconcile these legal disparities and address the gaps to ensure a cohesive, secure, and privacy-centric approach to biometric data.  

As always, please send any feedback or topics of interest you would like to be covered.

Seena, Editor


News

Bipartisan bill introduced to end involuntary facial recognition at airports

Senators John Kennedy and Jeff Merkley introduced the Travelers’ Privacy Protection Act aimed at ending the Transportation Security Administration's (TSA) use of involuntary facial recognition screening at airports. The bill seeks to repeal TSA's authorisation for this technology and mandate the disposal of collected facial biometric data.

The Hill: Senators introduce bipartisan legislation ending involuntary facial recognition screening

Forbes: Here’s Why Senators Want To Ban The TSA’s Facial Recognition Screening At Airports

Illinois Supreme Court rules healthcare workers are exempt from biometric privacy law

The Illinois Supreme Court unanimously ruled that healthcare workers are not protected under the Biometric Information Privacy Act (BIPA) in specific circumstances - such as when required by employers to use fingerprint scans for accessing drug cabinets. 

Biometric Update: HIPPA trumps biometric privacy law in drug cabinet lawsuit

The State Journal Register: Illinois high court finds medical personnel exemption to biometric information privacy law

Meta to add encryption for Messenger, stirring privacy and security debate

Meta plans to make Messenger a fully encrypted service, aligning it with other messaging apps like WhatsApp and Apple’s iMessage. Intended to enhance user privacy by preventing third parties from accessing message content, it has reignited debates between privacy advocates and law enforcement, with concerns about its impact on tracking criminal activities like child exploitation.

The New York Times: Meta Plans to Add Encryption to Messenger, Stoking a Privacy Debate

Meta: Launching Default End-to-End Encryption on Messenger

Massive security breach at 23andMe affects millions

23andMe experienced a security breach, exposing a significant number of files containing ancestry profiles, affecting nearly 7 million users. Hackers accessed information such as names, relationship labels, birth years, and locations, and later sold this data online.

Tech Crunch: 23andMe confirms hackers stole ancestry data on 6.9 million users

The Guardian: Genetic testing firm 23andMe admits hackers accessed DNA data of 7m users

Heightened surveillance concerns at COP28 climate summit in Dubai

The COP28 climate summit in Dubai is under scrutiny for its widespread surveillance, including those linked to Emirati company Presight with past spying allegations. The comprehensive surveillance network raises privacy concerns among attendees, activists, and participants, as it potentially enables authorities to monitor activities throughout the event.

ABC News: At UN climate talks, cameras are everywhere. Many belong to Emirati company with a murky history

Euronews: COP28: Activists fear surveillance and arrests at Dubai climate summit


AI Snippet of the Week

Old Navy faces lawsuit over AI chatbox "wiretapping"

Old Navy is currently facing a lawsuit alleging that its chatbot engages in illegal wiretapping by recording and storing online chat conversations with customers. The lawsuit, filed in the Central District of California, claims that the chatbot deceives users into believing they are interacting with a human representative and shares consumer data with third parties without proper consent or notification.

CNBC: Can an AI chatbot be convicted of an illegal wiretap? A case against Gap’s Old Navy may answer that

Retail Wire: Gap’s Old Navy AI Chatbots Accused of Illegal Wiretapping


Policy Updates

California sets to lead AI regulation with comprehensive ADMT framework

The California Privacy Protection Agency (CPPA) has introduced draft regulations on Automated Decision-Making Technologies (ADMT) under the Consumer Privacy Protection Act. These regulations encompass a broad range of ADMT, including AI, machine learning, and profiling, and emphasise transparency, consumer notice, and opt-out processes.

JD Supra: The California Privacy Protection Agency Proposes Draft Regulations on Artificial Intelligence

Bloomberg: California’s Draft AI Privacy Rules Show Ambitious Approach


To subscribe to our fortnightly newsletter, please click here

Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk